[Published Wednesday, April 25th; updated April 26th]
More details are emerging regarding a QuickTime/Java security flaw affecting Mac OS X, discovered by Dino Dai Zovi at the CanSecWest conference.
A Secunia report on the flaw states:
"The vulnerability is caused due to an unspecified error within the Java handling in QuickTime. This can be exploited to execute arbitrary code when a user visits a malicious web site using a Java-enabled browser e.g. Safari or Firefox."
It appears that the flaw is triggered by simply accessing a malicious Web page -- no further user action is required.
For Safari, follow these instructions:
- Select Preferences from the Safari menu
- Click on the Security tab
For Firefox, follow these instructions:
- Select Preferences from the Firefox menu
- Click on the Content tab